Back to CVE Browser

CVE-2007-2114

CRITICAL

9.0

CVSS Severity Score

EPSS Score0.1530%

EPSS Percentile22.92th

PublishedApr 18, 2007

Last ModifiedApr 23, 2026

Vulnerability Description

Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors, related to (1) Change Data Capture (CDC), aka DB08, and (2) Oracle Instant Client, aka DB11. NOTE: as of 20070424, oracle has not disputed reliable claims that these issues are buffer overflows using a long CHANGE_TABLE_NAME parameter to the DBMS_CDC_IPUBLISH.CHGTAB_CACHE procedure (DB08) and Oracle Instant Client genezi utility (DB11).

Affected Platforms (CPE)

📦

Oracle

Database Server

= 10.1.0.5

📦

Oracle

Database Server

= 10.2.0.2

References & Advisories

🔗 http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf

🔗 http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf

🔗 http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html

🔗 http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html

🔗 http://www.securityfocus.com/archive/1/466329/100/200/threaded

🔗 http://www.securityfocus.com/bid/23532

🔗 http://www.securitytracker.com/id?1017927

🔗 http://www.us-cert.gov/cas/techalerts/TA07-108A.html

Related Vulnerabilities

CVE-2020-2949310.0

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthentic...

CVE-2020-677910.0

Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 a...

CVE-2017-234310.0

The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to ...

CVE-1999-000310.0

Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).